SDK Spoofing

What is SDK Spoofing?

SDK Spoofing is a type of bot-based fraud, often executed by malware hidden on another app. In SDK Spoofing, fraudsters add code to one app (the attacker) that then sends simulated ad click, install and engagement signals to an attribution provider on behalf of another app (the victim). When successful, these bots can trick an advertiser into paying for tens or even hundreds of thousands of installs that did not actually occur.

 

How to block SDK Spoofing:

  1. Avoid measurement solutions that utilize Open Source SDKs. Open Source SDKs are inherently less secure and are exposed to many times more bot attacks.
  2. Look for an SDK that has secure communications with their servers. At AppsFlyer, we introduced this security measure in 2014 and have since added a number of additional security measures.
  3. Use a fraud solution that blocks bots. Protect360 automatically blocks bots based on our proprietary bot signature database. 
  4. Most SDK Spoofing bots follow pre-programmed patterns. Protect360’s behavioral anomaly detection automatically blocks non-human behavioral patterns, such as those originating from SDK Spoofing. 

 

Have you been hit by SDK Spoofing?

There are a few easy ways to determine if your app has been compromised by SDK Spoofing.

  1. Look for installs from an SDK version number that you haven’t utilized. Because SDK spoofing bots hide on an attacking app, they will often send clicks and installs from SDK versions other than those used by your apps.
  2. Keep an eye out for jumps in installs from specific SDK versions. If these jumps don’t coincide with your release schedule, there is a good likelihood you are being targeted by bots.
  3. Speak with your attribution provider and ask for a complimentary fraud exposure report.